<?php
// 本类由系统自动生成，仅供测试用途
class IndexAction extends Action {
    public function index(){
        header("Content-Type:text/html; charset=utf-8");
    	$this->display();
    }
    
    public function login(){
		$verify = $_REQUEST['verify'];
		
		$loginName = htmlspecialchars($_REQUEST['loginName']); //转义成&nbsp之类的
		//html_entity_decode();			换成html字符
		
		if ($this->verifyCheck($verify)){
			$user = D("ny_user");
			$loginName = $_REQUEST['loginName'];
			$loginPwd = $_REQUEST['loginPwd'];
			$refuse_str="and|or|select|update|from|where|order|by|*|delete|'|insert|into|values|create|table|database";
			$arr=explode("|",$refuse_str);
			for($i=0;$i<count($arr);$i++){
				if(strpos($loginPwd,$arr[$i])!=false){
					$loginName = str_replace($arr[$i],'3',$loginName);
					$loginPwd = str_replace($arr[$i],'3',$loginPwd);
				}
			}
			$map['loginname'] = $loginName;
			$map['password'] = md5($loginPwd);
			$result = $user->where($map)->find();
			if($result){
				$data['lastLoginDate'] = date ( "Y-m-d H:i:s" );
				$user->where($result['id'])->save($data);
				$_SESSION["loginUser"] = $user;
				
				$this->redirect("/ManageCenter/index");
			}else{
				$this->redirect("index",null,2,'用户名密码不正确，2秒后跳转到登陆页');
			}
		}else{
			$this->redirect("index",null,2,'验证码错误，3秒后跳转...');
		}
    }
    
    //检验验证码是否正确  
	public function verifyCheck($verify) {
		//防止页面乱码  
		//header('Content-type:text/html;charset=utf-8');  

		if (md5($verify) != $_SESSION['verify']) {
			return false;
		} else {
			return true;
		}
	}

	// 生成验证码  
	public function verify() {
		import("@.ORG.Util.Image");
		import("@.ORG.Util.String");
		Image :: buildImageVerify();
	}
}